funsec mailing list archives
Re: MySpace Accounts Compromised by Phishers
From: Gregory Hicks <ghicks () cadence com>
Date: Fri, 27 Oct 2006 13:16:10 -0700 (PDT)
Date: Fri, 27 Oct 2006 15:52:06 -0400 From: "Dude VanWinkle" <dudevanwinkle () gmail com> To: "Valdis.Kletnieks () vt edu" <Valdis.Kletnieks () vt edu> Subject: Re: [funsec] MySpace Accounts Compromised by Phishers Cc: funsec () linuxbox org On 10/27/06, Valdis.Kletnieks () vt edu <Valdis.Kletnieks () vt edu> wrote:On Fri, 27 Oct 2006 15:15:58 EDT, Dude VanWinkle said:On 10/27/06, Fergie <fergdawg () netzero net> wrote:Good question. :-)a better question is why the hell would you jack a myspace page? is there any way to make money off it? What are the incentives?You jack a page, now you have a starting point to feed IE exploits at all the victim's friends when they visit. You get lucky and nail somebody with 2,349 "friends", that's a lot of leverage. Especially if part of the thing you shoot them is something to whack *their* Myspace page and go
viral.
High hit rates by people who are likely not security/privacy conscious. What's not to like about it if you're a black hat trying to monetize it? :)
Something else he didn't mention... The users probably have the same user name and password for MySpace that they have for other online services. Thus, capturing those may give an 'in' to other, more lucrative, prospects. ------------------------------------------------------------------- I am perfectly capable of learning from my mistakes. I will surely learn a great deal today. "A democracy is a sheep and two wolves deciding on what to have for lunch. Freedom is a well armed sheep contesting the results of the decision." - Benjamin Franklin "The best we can hope for concerning the people at large is that they be properly armed." --Alexander Hamilton _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- MySpace Accounts Compromised by Phishers Fergie (Oct 27)
- Re: MySpace Accounts Compromised by Phishers Ron Bowes (Oct 27)
- <Possible follow-ups>
- Re: MySpace Accounts Compromised by Phishers Fergie (Oct 27)
- Re: MySpace Accounts Compromised by Phishers Dude VanWinkle (Oct 27)
- Re: MySpace Accounts Compromised by Phishers Ron Bowes (Oct 27)
- Re: MySpace Accounts Compromised by Phishers Valdis . Kletnieks (Oct 27)
- Re: MySpace Accounts Compromised by Phishers Dude VanWinkle (Oct 27)
- Re: MySpace Accounts Compromised by Phishers Valdis . Kletnieks (Oct 27)
- Re: MySpace Accounts Compromised by Phishers Dude VanWinkle (Oct 27)
- Re: MySpace Accounts Compromised by Phishers Brian Porter (Oct 27)
- Re: MySpace Accounts Compromised by Phishers Blue Boar (Oct 27)